 Solaris Xsun Direct Graphics Access Mode Insecure Temporary Files May Allow Local Users to Gain Root Privileges
Category: Vulnerability
Posted: 2003-12-05 by ReCall
 Details
Description: A vulnerability was reported in the Xsun(1) Solaris X11 server when run in Direct Graphics Access (DGA) mode. A local user may be able to gain root privileges.

It is reported that on systems running the Xsun(1), a local user may be able to overwrite or create arbitrary files with root privileges due to a flaw in Xsun(1) in DGA mode. A local user can create a symbolic link (symlink) from a critical file on the system to a temporary file name to be used by Xsun. Then, when any application that uses DGA is executed, the linked file may be overwritten or created with root privileges.

A local user can also cause the Xsun process of any user of a DGA application to crash.

Impact: A local user can overwrite or create arbitrary files with root privileges, potentially giving the local user root access on the system.

A local user can cause the Xsun process of a target user of a DGA application to crash.

Solution: Sun has issued the following fixes:


SPARC Platform

Solaris 2.6 with patch 105633-64 or later
Solaris 7 with patch 108376-44 or later
Solaris 8 with patch 108652-72 or later
Solaris 9 with patch 112785-25 or later

x86 Platform

Solaris 2.6 with patch 106248-49 or later
Solaris 7 with patch 108377-39 or later
Solaris 8 with patch 108653-61 or later
Solaris 9 with patch 112786-15 or later
 